Where is the Focus on Randomness in Cryptography?

Monday, June 27, 2011

Emmett Jorgensen


Co-authored by Nate Cote and Emmett Jorgensen

Too often we, as security professionals, aren’t asking all of the right questions when evaluating a new product or service. We’ve all heard of “256-bit AES” encryption and products secured with RSA keys of “x” size. 

Encryption key sizes have become commonplace metrics for evaluating security products utilizing cryptography – and many times become one of the primary pieces of information that drives product adoption by an organization.

A serious question we should be asking about cryptographic products, however, is related to the effectiveness of the Random Number Generator (RNG).

How many people truly gather any information on the randomness of the cryptography implemented in a product or module?  More specifically, is there any analysis of the effectiveness of the RNG? 

This is, after all, the engine of the entire process and perhaps the most critical piece of a product using cryptographic functionality.  Unfortunately, this information is almost never discussed, since most people don’t understand the importance of RNG quality and therefore don’t ask about it.

What does this really mean in everyday terms?  The overall security of any device or product using cryptographic functions directly depends on the quality of the RNG implemented in the solution. 

The “encryption key” which typically protects the data in a module is generated from what should be a robust random number generator that is truly random.  The idea behind this is that someone wishing to attack the encrypted data should have to attack the full strength of the protection (for example, the entire 256 bits of security).

The risk in using an RNG that is not truly random is that an attacker analyzing the encrypted data may discover patterns in the encryption.  This could allow some type of reverse engineering of the encrypted data or keys.  So, even though the device has “256-bit AES encryption”, it may not have anywhere close to that level of effective security.

Patterns may begin to emerge, and each step in deciphering the information may become easier than the last, making it easier to connect the rest of the dots. The more random this initial value, the more secure the key, ciphertext, and other critical components are likely to be, and the more difficult it is for an attacker to find an easy way to attack the module.
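The gap between key length and effective strength can be measured directly. The following is an added example, not code from the authors or from any product: `weak_key`, `SEED_BITS` and the 16-bit seed are hypothetical, constructed to stand in for a generator that is not truly random.

```python
import math
import random
import secrets
from functools import lru_cache

SEED_BITS = 16   # constructed assumption: the weak generator gets only 16 bits of seed
KEY_BYTES = 32   # 256-bit key, as in "256-bit AES"

def weak_key(seed: int) -> bytes:
    """Hypothetical product keygen: Mersenne Twister (not a CSPRNG) with a small seed."""
    return random.Random(seed).getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")

def strong_key() -> bytes:
    """Key drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)

@lru_cache(maxsize=1)
def weak_keyspace() -> dict:
    """Every key weak_key() can ever emit, mapped back to the seed that produces it."""
    return {weak_key(seed): seed for seed in range(2 ** SEED_BITS)}

def effective_key_bits() -> float:
    """log2 of the number of distinct keys: the real strength, whatever the key length."""
    return math.log2(len(weak_keyspace()))

def seed_for_key(key: bytes):
    """Return the seed if the key lies inside the weak generator's keyspace, else None."""
    return weak_keyspace().get(key)

if __name__ == "__main__":
    print("key length (bits):   ", KEY_BYTES * 8)
    print("effective bits:      ", effective_key_bits())
    print("weak key in space?   ", seed_for_key(weak_key(4242)) is not None)
    print("CSPRNG key in space? ", seed_for_key(strong_key()) is not None)
```

Every key here is 256 bits long, yet the weak generator can only ever produce as many keys as it has seeds, so its whole keyspace fits in a small lookup table.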

So, how is one to actually understand if a product ultimately has a strong RNG? There are some certifications from a variety of testing bodies that will help to ensure that the product has met at least a reasonable level of strength in the random number generator implementation. 

The National Institute of Standards and Technology (NIST) offers a Federal Information Processing Standard (FIPS 140-2) testing program, which references some acceptable implementations of random number generators, such as ANSI X9.31 (which has been used for quite some time, though it is getting a bit older), as well as a variety of options within the NIST SP 800-90 guidance set, which are widely considered more robust.

In addition, Common Criteria, an international standard for computer security certification, will oftentimes go much deeper into the analysis of how good the RNG is than other accreditation programs.

Using either of these certification processes is an excellent starting point for determining the overall security of a product and helps ensure the use of a well implemented RNG.

Ultimately, working with a security vendor that has engaged these certification bodies and has a solid reputation in the industry is a good start.  If you still have concerns, ask a vendor how random their crypto is and see if you get a comforting response or a quizzical look – it may help give you the answer you have been looking for all along.

Nate Cote is the VP of product management at Kanguru Solutions overseeing security solutions and  product development.

Cross-posted from Kanguru Blog – Technology on the Move!

Jamie Adams: Excellent information. I agree, too often the focus is on key size and the algorithm. I was very pleased several years ago when Linux/Unix operating systems started including /dev/[u]random to collect and use environmental noise. However, there is still room for improvement, such as ensuring the machine is operating in a very "unique" manner.

This is a tough concept for most administrators and professionals to grasp. Thanks for shedding some light on it.
Emmett Jorgensen: Thanks for the comment, Jamie. I think part of the problem is the algorithm and key size are easy to quantify. So that becomes the primary way that companies market their products for easy comparison. But if Infosec folks start asking for the RNG info, it will force companies to start providing that as well, and will give more accurate insight into a product's true security.